How North Korea Robbed $1 Billion From Bangladesh?

It was a normal day in Bangladesh on February 7th, 2016. Bangladeshis were busy doing… whatever Bangladeshis do, I wouldn't know, because I have never been there. Except at the central bank of Bangladesh. They had just been robbed, allegedly by North Korea, of nearly $1 billion. I know what you are thinking: $1 billion is pennies to a national government. You may be right, but again, I wouldn't know; I have never been there. But I do know how it all happened, so let's look at how this alleged robbery by North Korea went down, in today's video.

It all began when hackers gained access to the central bank's internal network. This was a pretty easy task, because, as investigators later discovered, the bank used $10 routers with barely any security, and the network had no firewall. It makes no sense that a bank managing billions of dollars invests next to nothing in security, but after some research I found that this is pretty common in some developing countries.

After the hackers broke into Bangladesh Bank, they deployed malware that helped them hide the traces of their heist. The software could bypass validation checks, delete traces of the fraudulent transactions from the bank's computers, and generate fake confirmation receipts. It worked by registering itself as a service and monitoring activity for useful information about transactions. Though we don't know how long before the heist the hackers gained access to the bank's systems, we do know that the plan to transfer $1 billion was set in motion months before the actual transfers. Nearly nine months before the attack, a Chinese-Indonesian man opened four accounts at RCBC bank in the Philippines and left them untouched until the night of the attack. We will come back to this later.

So let's get into the attack, which began on Thursday, February 4th, after working hours. The hackers deliberately picked this time because in Bangladesh the weekend falls on Friday and Saturday, so there would be no employees monitoring the banking system, which gave them enough time to move the money around the world. Since the hackers were already inside the bank's network, they used employee credentials to get into SWIFT. SWIFT is a global payment messaging network used by more than 11,000 institutions around the world; it carries transfer orders between banks, which the banks themselves then execute. It's important to point out that the investigation found SWIFT itself was never breached. That would have been an even bigger problem, because SWIFT is used by almost every international bank on earth.

Getting back to the central bank: using the bank employees' SWIFT credentials, the hackers logged into SWIFT and sent 35 transfer orders totaling $951 million to the Federal Reserve Bank of New York. They knew that Bangladesh kept its excess money in an account at the Fed, as many nations do. The orders directed the Fed to transfer the money to various accounts in Asia.

But something wasn't right. SWIFT's internal "first line of defense" blocked all 35 requests. A SWIFT request has a specific format, and it must include the name of the bank that is supposed to receive the funds. None of these requests named the recipient bank, so they were automatically rejected by SWIFT and sent back for confirmation. The hackers realized they had made a huge mistake and re-submitted the requests with the correct formatting and the recipient banks' names. Since the requests were now well-formed, they passed SWIFT's first line of defense. Having sent the transfer orders, the hackers were done, and they started covering their tracks in the bank's systems. But they left behind a crucial piece of evidence linking the whole thing to North Korea. Was it a mistake, or fake evidence planted to mislead the investigation? I will get to that later in the video.

Friday, February 5th, 2016. The Federal Reserve receives 35 transfer orders through SWIFT, a trusted system. The Fed handles about $800 billion of payments each day, so this wasn't out of the ordinary, and since it had no cause to stop the transfers, it started processing the payments. But 30 of the 35 transfers were going to a bank on Jupiter Street, which got flagged in the Fed's system because of US sanctions against an Iranian oil tanker named Jupiter. This extraordinary coincidence saved $850 million from being transferred automatically to the phony accounts. There were still five transactions, totaling $101 million, that got through. One of them, worth $20 million, was going to Sri Lanka, to the account of a non-profit named Shalika Foundation. But the hackers had made yet another devastating mistake: they had misspelled "foundation" as "fundation". That kind of mistake isn't common in a SWIFT request, and coupled with so much money flowing to a small non-profit in such a small country, it raised flags in Sri Lanka. So they contacted Deutsche Bank, the routing bank for the funds, and Deutsche Bank contacted the Fed and put a hold on the transfer. Oh boy… Imagine losing that much money because of a spelling mistake.

Getting back to the story: the other four requests were completed, transferring $81 million into four accounts at a Philippine bank named RCBC. According to the branch manager, these accounts were expecting a large sum of money, so the transfers didn't raise any red flags at the bank. So by the end of Friday the hackers had done everything in their power to steal almost $1 billion, and had in fact gotten away with $81 million. The Fed was still trying to contact Bangladesh to confirm the other 31 requests, but got no response because of the Bangladeshi weekend. Then came Saturday, still a weekend in Bangladesh and now a weekend in New York too, so the authorities still had no clue what had happened.

Come Sunday, employees at Bangladesh's central bank noticed that the printer wasn't working. This printer was supposed to run 24/7, printing transactions in real time, and it wasn't printing anything. They were a little annoyed, since it is a national bank after all, but they assumed it was just a technical problem. Once the printer started up again and began printing the backlog of transactions, the employees noticed something was off. They realized they had a huge problem on their hands: someone had stolen almost $1 billion of taxpayers' money from a country that can't afford to lose a penny. They panicked and tried to contact the Fed in New York to stop the payments, but guess what… it was still the weekend in New York, so nobody was there to receive their message. The bank employees had to wait until Monday to get in contact with the Fed.

Monday comes. By 7:30 am the Fed had gotten word from Bangladesh that the transactions were fraudulent. Luckily 31 of the 35 had already been paused, so that money could be routed back to Bangladesh's account in New York. But four transactions totaling $81 million had already been sent to the four accounts in the Philippines, and that was still a lot of money to lose. So both Bangladesh and the Fed tried to contact RCBC in the Philippines to freeze the accounts, but… that Monday was Chinese New Year, a national holiday in the Philippines. You're probably noticing something: the hackers had carefully planned this heist so that they had the advantage every step of the way. Except, I guess, they missed out on elementary school, because they didn't know how to spell "foundation". Now the bank employees had to wait until Tuesday to contact RCBC.

Tuesday came around, and RCBC got the news that the money in the accounts belonged to Bangladesh, but guess what… the hackers had already laundered the money through casinos and converted it into cash. They knew that the Philippines at the time had very weak anti-money-laundering laws covering casinos, and they took full advantage of it. So by the end of it all, Bangladesh caught multiple lucky breaks, but the hackers still got away with $81 million. And that was that… or was it?

Remember earlier I told you that the hackers left one key piece of evidence behind. When investigators were analyzing Bangladesh Bank's systems, they found traces of the malware still left behind. They found similarities between this malware and malware from an attack on a Somali bank and from the Sony Pictures hack, both conducted by the infamous hacking group Lazarus. Investigators also found another key piece of information: the hackers had once logged into the system from an IP address in North Korea. Cyber experts already believed that Lazarus is backed by North Korea, and this evidence only solidified that suspicion.
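To make the two automated controls in the story concrete, here is an added example in Python (mine, not code from the video, from SWIFT or from the Federal Reserve). It models a format check that rejects an order with no beneficiary bank, and a watch-list screen that matches names against every free-text field, which is how a street called Jupiter can collide with a sanctioned vessel called Jupiter. The field names, the watch list and the three orders are constructed for illustration; the real message format and screening rules are far more involved.

```python
import re
from dataclasses import dataclass, field

# Hypothetical watch list (an assumption, not any real sanctions list).
# "JUPITER" stands in for the sanctioned vessel name from the story; the
# second entry is filler to show the check is generic.
WATCH_LIST = {"JUPITER", "SANCTIONEDCO"}

# Fields a well-formed order must carry.  The tags are simplified stand-ins
# for the real message fields, chosen for readability.
REQUIRED_FIELDS = ("sender_bic", "amount_usd", "beneficiary_bank", "beneficiary_account")


@dataclass
class Disposition:
    status: str                      # "REJECTED", "HELD" or "RELEASED"
    reasons: list = field(default_factory=list)


def tokenize(text):
    """Upper-case alphanumeric tokens, so 'Jupiter Street' yields {'JUPITER', 'STREET'}."""
    return set(re.findall(r"[A-Z0-9]+", text.upper()))


def validate_format(msg):
    """First line of defence: reject orders missing a required field.
    Returns the list of missing field names (empty if well-formed)."""
    return [f for f in REQUIRED_FIELDS if not msg.get(f)]


def screen_watch_list(msg):
    """Second check: match watch-list names against every free-text field.
    Deliberately crude (whole-word match, no context), which is exactly why a
    street name can collide with a vessel name.  Returns (field, entry) hits."""
    hits = []
    for name, value in msg.items():
        if isinstance(value, str):
            for entry in sorted(WATCH_LIST & tokenize(value)):
                hits.append((name, entry))
    return hits


def process(msg):
    """Run both automated controls in order and return a Disposition."""
    missing = validate_format(msg)
    if missing:
        return Disposition("REJECTED", [f"missing {f}" for f in missing])
    hits = screen_watch_list(msg)
    if hits:
        return Disposition("HELD", [f"{entry} matched in {name}" for name, entry in hits])
    return Disposition("RELEASED")


# Constructed orders modelled on the three outcomes described above.  Names,
# BICs and account numbers are placeholders, not real identifiers.
ORDERS = {
    # First batch: otherwise complete, but no recipient bank named.
    "no_beneficiary_bank": {
        "sender_bic": "SENDRXXX", "amount_usd": 30_000_000,
        "beneficiary_bank": "", "beneficiary_account": "0001112223",
        "beneficiary_name": "Placeholder Holdings",
    },
    # Resubmitted order to a branch whose address contains a watch-list word.
    "jupiter_street": {
        "sender_bic": "SENDRXXX", "amount_usd": 30_000_000,
        "beneficiary_bank": "Example Bank, Jupiter Street Branch",
        "beneficiary_account": "0001112224",
        "beneficiary_name": "Placeholder Holdings",
    },
    # Well-formed, no list hit: the misspelling is invisible to both checks.
    "fundation": {
        "sender_bic": "SENDRXXX", "amount_usd": 20_000_000,
        "beneficiary_bank": "Example Bank Colombo",
        "beneficiary_account": "0001112225",
        "beneficiary_name": "Shalika Fundation",
    },
}


def run_all(orders=ORDERS):
    """Map each order name to its automated disposition."""
    return {name: process(order).status for name, order in orders.items()}


if __name__ == "__main__":
    for name, order in ORDERS.items():
        d = process(order)
        print(f"{name:22s} {d.status:9s} {'; '.join(d.reasons)}")
```

Run as-is and the third order, the misspelled "Shalika Fundation", is released by both checks: neither a format validator nor a list screen knows how to spell "foundation". In the story that payment was stopped only because people at the correspondent bank looked at it, which is the difference between luck and controls. Note also that the Jupiter hold is a false positive by construction: crude token matching over free text is noisy, and here that noise is what bought time.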

4 Replies to “How North Korea Robbed $1 Billion From Bangladesh?”

It's been more than 3 years since the heist. The investigation is still ongoing, and everyone is blaming each other over whose fault it was. Bangladesh's central bank has decided to sue the Fed to get its money back instead of just buying a better router from Best Buy. Be sure to subscribe if you want to see the second part of the video, which talks about how the investigation is playing out. 👉 Subscribe: http://bit.ly/2SGGj11

I'm pretty sure the bank was initially compromised through an employee accidentally opening an infected email; once it was on his computer, the lack of network security let them compromise pretty much every computer in the network. I think Kento Bento made a video on this same heist a year or two back; highly recommend it to anyone interested in exploring the subject further.